CVE-2019-10161

Summary: CVE-2019-10161 affects libvirt’s libvirtd server in vulnerable releases prior to 4.10.1 and 5.4.1. The virDomainSaveImageGetXMLDesc() API could be invoked by read-only clients with access to the libvirtd socket, specifying an arbitrary path that would be accessed with the permissions of ...

CVE-2023-3750

CVE-2023-3750 affects libvirt due to an issue in libvirt’s virStoragePoolObjListSearch that can fail to return a locked pool, causing a race condition and potential denial of service by crashing the libvirt daemon when a lock is attempted from another thread. Public reports in connected advisorie...

CVE-2020-25637

CVE-2020-25637 affects libvirt API used to fetch network interfaces for running QEMU domains. A double-free in the polkit-enabled read-write socket handling can crash the libvirt daemon, causing denial of service and potential privilege escalation. The vulnerability affects versions before 6.8.0;...

CVE-2019-10167

CVE-2019-10167 affects libvirt’s virConnectGetDomainCapabilities() API. The vulnerability arises from an emulatorbin argument that libvirt v1.2.19+ uses to probe domain capabilities; read‑only clients could supply an arbitrary path, causing libvirtd to execute a crafted executable with libvirtd’s...

CVE-2020-14339

CVE-2020-14339 describes a flaw in libvirt where a file descriptor for /dev/mapper/control is leaked into the QEMU process. This enables privileged operations against the host device-mapper, allowing a malicious guest user or process to perform actions outside normal permissions and potentially d...

CVE-2019-10168

The CVE-2019-10168 issue affects the libvirt APIs virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU. Versions affected are libvirt 4.x before 4.10.1 and 5.x before 5.4.1. libvirt will execute the program specified by the emulator argument during domain capability probing. Read-on...

CVE-2019-10166

Summary: CVE-2019-10166 affects libvirt. Affected versions: libvirt 4.x up to before 4.10.1 and 5.x up to before 5.4.1. Root cause: The virDomainManagedSaveDefineXML API was exposed to read‑only clients, enabling modification of managed save state files. Impact: If a privileged user created a man...

CVE-2020-12430

CVE-2020-12430 (libvirt) affects libvirt versions 4.10.0 through 6.x before 6.1.0. A memory leak in virDomainListGetStats triggered when retrieving domain statistics via the domstats API can be exploited by unprivileged users with a read-only connection to cause a denial of service. The issue ori...

CVE-2019-3840

CVE-2019-3840 is a NULL pointer dereference in libvirt related to qemuAgentGetInterfaces after qemuAgentCommand, allowing a guest VM attacker to crash libvirtd and cause a denial of service. Affected packages are libvirt; remediation is to update the libvirt package to a patched version as descri...

CVE-2019-20485

CVE-2019-20485 affects libvirt’s qemu_driver.c, where libvirt before version 6.0.0 mishandles holding a monitor job during a guest-agent query, enabling a denial of service (API blockage). Connected advisories corroborate the issue across multiple distributions (e.g., Astra Linux, Amazon Linux 2,...

CVE-2021-3631

CVE-2021-3631 affects libvirt: flaw in SELinux MCS category pair generation for VM dynamic labels allows a guest to access files labeled for another guest, breaking sVirt confinement and impacting confidentiality/integrity. Connected advisories confirm libvirt remediation via package upgrades (no...

CVE-2024-2496

Mode C: This CVE is active in libvirt. A NULL pointer dereference in udevConnectListAllInterfaces() can occur when detaching a host interface while listing interfaces with virConnectListAllInterfaces, potentially crashing the libvirt daemon (DoS). Connected advisories confirm affected packages an...

CVE-2019-10132

CVE-2019-10132 affects libvirt 4.1.0 and later, specifically the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any host user to connect via virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks on the vir...

CVE-2020-10703

CVE-2020-10703 is a NULL-pointer dereference in the libvirt API used to fetch a storage pool by target path. The flaw, introduced upstream in version 3.10.0 and fixed in 6.0.0, can affect storage pools created without a target path (e.g., network-based pools like Gluster and RBD). Unprivileged re...

CVE-2019-3886

CVE-2019-3886 affects libvirt 4.8.0 and later. The issue is an incorrect permissions check that lets a read‑only/client using APIs depending on the guest agent perform actions that can lead to information disclosure or denial of service (libvirt could block). The connected documents confirm libvi...

CVE-2022-0897

CVE-2022-0897 : In the libvirt nwfilter driver, virNWFilterObjListNumOfNWFilters fails to acquire the driver->nwfilters mutex before iterating virNWFilterObj instances, allowing concurrent modification of driver->nwfilters. This can crash the network filter management daemon (libvirtd/virtn...

CVE-2021-3975

CVE-2021-3975 is a use-after-free in libvirt affecting the qemuMonitorUnregister path inside qemuProcessHandleMonitorEOF. It can be triggered by the virConnectGetAllDomainStats API during guest shutdown, allowing an unprivileged read-only client to crash the libvirt daemon and cause a denial of s...

CVE-2020-14301

CVE-2020-14301 is an information-disclosure in libvirt prior to 6.3.0 where HTTP cookies used to access network-based disks were saved in a guest domain’s dumpxml XML, enabling access to sensitive domain configuration data. Affected: libvirt

CVE-2018-5748

CVE-2018-5748 affects libvirt and its QEMU monitoring path (qemu/qemu_monitor.c). A large QEMU reply can trigger memory exhaustion, enabling a denial-of-service. Connected documents also note an incomplete fix for CVE-2018-5748 that may be triggered via the QEMU guest agent (CVE-2018-1064). Vulne...

CVE-2021-3667

CVE-2021-3667 affects libvirt, in particular the virStoragePoolLookupByTargetPath API where a locked virStoragePoolObj is not released on ACL permission failure. This can let clients with limited ACLs on the read-write socket acquire the lock and cause denial of service to storage pool/volume API...

CVE-2023-2700

The CVE-2023-2700 entry describes a memory leak in libvirt caused by repeatedly querying an SR-IOV PCI device’s capabilities, due to failure to free the virPCIVirtualFunction array in the parent struct’s g_autoptr cleanup. Connected documents corroborate a libvirt vulnerability affecting memory c...

CVE-2018-1064

CVE-2018-1064 affects libvirt versions before 4.2.0-rc1. It describes a resource exhaustion vulnerability arising from an incomplete fix for CVE-2018-5748 that originally targeted the QEMU monitor and is now also triggered via the QEMU guest agent. The impact is a denial of service through memory...

CVE-2018-6764

CVE-2018-6764 affects libvirt: util/virlog.c may fail to determine the hostname during LXC container startup, enabling a local attacker (guest OS user) to bypass container protections and run arbitrary commands via a crafted NSS module. The issue is concrete in libvirt’s LXC handling and NSS modu...

CVE-2017-1000256

CVE-2017-1000256 affects libvirt 2.3.0 and later. The issue arises from a default TLS configuration where verify-peer=no is passed to QEMU by libvirt, causing failure to validate SSL/TLS certificates by default. Several advisories indicate TLS client/server certificate verification could be disab...

CVE-2021-4147

CVE-2021-4147 affects the libvirt libxl driver. A malicious guest can continuously reboot, causing libvirtd on the host to deadlock or crash, leading to a denial of service. Public docs reference the libvirt/QEMU context and confirm the issue lies in the libxl driver that can trigger host-side ha...

CVE-2016-5008

CVE-2016-5008 affects libvirt prior to 2.0.0, where setting the VNC password to an empty string fails to disable authentication, allowing an unauthenticated remote attacker to establish a VNC session. The root cause is improper disabling of password checking for VNC when the password is empty. Do...

CVE-2011-2511

CVE-2011-2511: Integer overflow in libvirt before 0.9.3 can be triggered by VirDomainGetVcpus RPC calls, allowing remote authenticated users to crash libvirtd and potentially execute arbitrary code due to memory corruption. The vulnerability affects libvirt’s remote management interface; several ...

CVE-2013-6458

CVE-2013-6458 affects libvirt and is described in CentOS/CESA-2014:0103 as a use-after-free flaw in libvirt block APIs. A remote attacker who can establish a read-only connection to libvirtd could crash the libvirtd process or, potentially, execute arbitrary code with the libvirtd user’s privileg...

CVE-2015-5313

CVE-2015-5313 is a directory traversal vulnerability in libvirt (virStorageBackendFileSystemVolCreate in storage/storage_backend_fs.c) that can be exploited by a local user who has storage_vol:create rights but lacks domain:write, via a volume name containing .. to write arbitrary files when ACLs...

CVE-2014-0179

Libvirt vulnerability CVE-2014-0179 affects libvirt 0.7.5 through 1.2.x before 1.2.5. A crafted XML document containing an XML External Entity declaration with an entity reference to the virConnectCompareCPU or virConnectBaselineCPU API can be parsed due to XML_PARSE_NOENT behavior, allowing loca...

CVE-2011-1486

CVE-2011-1486 affects libvirt’s libvirtd: libvirt before 0.9.0 uses non‑thread-safe error reporting, allowing remote attackers to cause a denial of service (crash) by having multiple threads report errors simultaneously. This is evidenced in multiple advisories (openSUSE/libvirt patches note the ...

CVE-2011-1146

Affected software/component: libvirt API in Red Hat libvirt 0.8.8. Vulnerability summary: libvirt.c does not properly restrict operations on a read-only connection, enabling a remote attacker to cause a host OS denial of service (crash) and potentially execute arbitrary code via six API calls: vi...

CVE-2013-0170

CVE-2013-0170 is a use-after-free in virNetMessageFree (rpc/virnetserverclient.c) affecting libvirt 1.0.x prior to 1.0.2, 0.10.2 prior to 0.10.2.3, 0.9.11 prior to 0.9.11.9, and 0.9.6 prior to 0.9.6.4. By triggering certain errors during an RPC connection, a freed message may remain in the queue,...

CVE-2014-3672

CVE-2014-3672 affects the qemu implementation in libvirt (before 1.3.0) and Xen. Local guest OS users can trigger a denial of service on the host (host disk consumption) by writing to stdout or stderr. Root cause details and specific impacted versions are stated in the public CVE description; rem...

CVE-2024-8235

CVE-2024-8235 : In libvirt, a refactor of the code fetching the list of interfaces introduces a corner case on platforms where allocating 0 bytes yields a NULL pointer, causing a NULL-pointer dereference and a crash of the virtinterfaced daemon. This could allow clients on the read-only socket to...

CVE-2013-4311

CVE-2013-4311 stems from a PolkitUnixProcess race in pkcheck that can bypass access controls via a (setuid) process or pkexec, enabling local privilege bypass. Affected are libvirt components across multiple branches: libvirt 1.0.5.x (before 1.0.5.6), 0.10.2.x (before 0.10.2.8), and 0.9.12.x (bef...

CVE-2014-7823

CVE-2014-7823 affects libvirt’s virDomainGetXMLDesc() (Libvirt before 1.2.11). When using the VIR_DOMAIN_XML_MIGRATABLE flag, a remote read‑only user could bypass the VIR_DOMAIN_XML_SECURE guard and leak the VNC password from the domain XML. Documents consistently describe the root cause as a per...

CVE-2012-4423

CVE-2012-4423 affects libvirt; the virNetServerProgramDispatchCall path allows remote DoS via an RPC number equal to an event or a value in a gap of the RPC dispatch table. The vulnerability is present in libvirt prior to 0.10.2; remediation is to upgrade to libvirt 0.10.2 or newer (as reflected ...

CVE-2013-4296

CVE-2013-4296 affects libvirt: the remoteDispatchDomainMemoryStats function could be exploited by remote-authenticated users to trigger a denial-of-service via an uninitialized pointer dereference. Affected releases include libvirt 0.9.1–0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, a...

CVE-2014-8136

CVE-2014-8136 affects libvirt via the qemu/qemu_driver.c path: qemuDomainMigratePerform and qemuDomainMigrateFinish2 do not unlock the domain when an ACL check fails, enabling a local attacker to cause a denial of service. Public references in connected advisories (e.g., USN/RHSA/CESA entries) co...

CVE-2020-10701

CVE-2020-10701 relates to a missing authorization flaw in the libvirt API that controls the QEMU guest agent response timeout. The issue permits read-only connections to modify the timeout used for QEMU guest agent commands, potentially causing agent commands to fail if the agent cannot respond i...

CVE-2016-10746

CVE-2016-10746 affects libvirt before 1.3.1: libvirt-domain.c allows virDomainGetTime API calls by guest agents over an RO connection when an RW connection was required. Root cause is a permission/connection type mismatch enabling information disclosure or potential denial of service. Remediation...

CVE-2013-5651

CVE-2013-5651 affects libvirt: the virBitmapParse function in util/virbitmap.c (pre-1.1.2) can read beyond the bounds of an array when processing a crafted bitmap (e.g., large nodeset value for numatune), causing a denial of service. OpenSUSE/Nessus entries confirm the fix for virBitmapParse out-...

CVE-2014-5177

Technical details about CVE-2014-5177 are not publicly available in the provided connected documents. Monitor for updates in the cited advisories and vendor notices to obtain confirmed affected versions, impact, and remediation steps.

CVE-2015-0236

CVE-2015-0236 affects libvirt before 1.2.12. Remote authenticated users can obtain VNC passwords by abusing VIR_DOMAIN_XML_SECURE flag in two XML-descending interfaces (virDomainSnapshotGetXMLDesc and virDomainSaveImageGetXMLDesc). The issue is tied to libvirt’s handling of XML data under the VIR...

CVE-2014-1447

libvirt (libvirtd) vulnerabilities: a race condition in virNetServerClientStartKeepAlive before 1.2.1 can allow remote attackers to crash libvirtd by closing a connection before the keepalive response is sent. Affected component is the keepalive handling path in libvirt’s daemon; impact is denial...

CVE-2013-1962

CVE-2013-1962 affects libvirt’s storage pool handling: the remoteDispatchStoragePoolListAllVolumes function in libvirt 1.0.5 may be exploited to exhaust file descriptors by sending a high volume of requests to list all volumes for a pool, causing a denial of service. Multiple advisories note fixe...

CVE-2013-6456

CVE-2013-6456 affects the LXC driver (lxc_driver.c) in libvirt 1.0.1–1.2.1. It allows a local user to perform a symlink-based attack under /dev in the container to (1) delete arbitrary host devices via virDomainDeviceDettach, (2) create arbitrary device nodes via virDomainDeviceAttach, and (3) tr...

CVE-2011-2178

CVE-2011-2178 affects libvirt (virSecurityManagerGetPrivateData in security/security_manager.c) from versions 0.8.8–0.9.1. The bug uses the wrong argument for a sizeof call, causing incorrect processing of security manager private data that reopens disk probing, which may allow guest OS users to ...

CVE-2011-4600

CVE-2011-4600 pertains to libvirt (before 0.9.9). The vulnerability lies in the networkReloadIptablesRules function in network/bridge_driver.c, which may mishandle firewall rules on bridge networks when libvirtd is restarted, potentially allowing a remote attacker to bypass access restrictions vi...